Virtualization

Rahul Hada
 Road Map
● Introduction
● Virtualized environment
● Architecture of VM
● Taxonomy of virtualization
● Machine Reference Model
– ISA:Security class
– Privileged Hierarchy
● Hardware-level virtualization
– Hypervisor & types
– VMM
– Theorems
● OS-level virtualization
● Programming-level virtualization and few more
● Virtulization and cloud computing
● Xen: Paravirtualization,KVM:Full virtualization,WINE:Application-level
virtualization and few more
 Introduction
● It is a large umbrella of technologies and
concepts.
● Virtualization levels :-
– Hardware level
– Operating system level
– Programming Language level
– Application level
● Types :- Hardware , Software & Networking
 Introduction [Cont.]
● Virtualization gained interest :-
– Increased performance and computing capacity
●
PCs are having immense computing power.
– Underutilized hardware and software resources
● Limited use of increased performance & computing capacity.
– Lack of space
● Continious need for additional capacity.
– Greening initiatives
● Reduce carbon footprints
● Reducing the number of servers, reduce power consumption.
– Rise of administrative costs
● Power and cooling costs are higher then IT equipments.
 Architecture of Virtual Machines
● VM can support individual processes or a
complete system
● Virtualization can be from OS to programming
languages to processor architecture.
● VMs enhance
– Software interoperability (to work together)
– System impregnability (having strength)
– Platform versatility
 Abstraction and Virtualization
● Computer system is complex, and yet it
continue to evolve.

● Computer is designed as hierarchies of well-

defined interfaces that separate level of
abstraction

● Simplifying abstractions hide lower-level

implementation details
 Abstraction
● Ex. Disk storage

● Hides hard-disk addressing

details (sectors and tracks)

● It appears to application
software as a variable sized
files.

● User can create,write and read

files without knowing the
underneath details.
 Pros and cons of Abstraction
● Well-defined interfaces permit development of
interacting computer subsystems not only in
different organization but also at different time.

● Limitation of well-defined interfaces , designed

specification to one interface will not work for
other.
 Virtualization
● Virtualization of system or
components like –
processor,memory or an I/O
device – at a given
abstraction level.

● It transforms a entire
system or components of the
system

● Ex. disk storage

 Virtual Machine
● Virtualization can be applied to entire machine.

● VM can be implemented by adding a software

layer to a real machine to support desired
architecture.

● VM implementation lie at architected

interfaces
 Architected Interfaces
● Architecture, as applied to computer
systems,refer to a formal specification to an
interface in the system,including the logical
behavior of the resources managed via the
interface.
● Implementation describes the actual
embodiment of an architecture.
● Abstraction levels correspond to
implementation layers,having its own
interface or architecture.
 Computer System Architecture
● Interfaces at or near the H/w
S/w boundary :-
– ISA – Instruction Set
Architecture.
– API – Application
Program Interface
– ABI – Application Binary
Interface
 Virtualized Environments
● Three major components of Virtualized
Environments
– Guest – system component that interacts
with Virtualization Layer.
– Host – original environment where guest
runs.
– Virtualization Layer – recreate the same or
different environment where guest will run.
Virtualization Reference Model
 Advantages of Virtualization
● Increased Security
– Ability to control the execution of a guest
– Guest is executed in emulated environment.
– Virtual Machine Manager control and filter the
activity of the guest.
– Hidding of resources.
– Having no effect on other users/guest environment.
 Advantages of Virtualization [Cont.]
● Managed Execution types :-
– Sharing
● Creating separate computing environment within the
same host.
● Underline host is fully utilized.
– Aggregation
● A group of separate hosts can be tied together and
represented as single virtual host.
– Emulation
● Controlling & Tuning the environment exposed to guest.
– Isolation
● Complete separate environment for guests.
Managed Execution
 Advantages of Virtualization [Cont.]
● Performance Tuning –
– control the performance of guest.
● Virtual Machine Migration –
– move virtual image into another machine.
● Portability –
– safely moved and executed on top of different
virtual machine.
– Availability of system is with you.
 Taxonomy of Virtualization
Techniques
● Virtualization is mainly used to emulate
execution environment , storage and
networks.
● Execution Environment classified into two :-
– Process-level – implemented on top of an existing
operating system.

– System-level – implemented directly on hardware

and do not or minimum requirement of existing
operating system
Taxonomy of virtualization
 Machine Reference Model
● It defines the interfaces between the levels of
abstractions, which hide implementation
details.
● Virtualization techniques actually replace one
of the layers and intercept the calls that are
directed towards it.
 Machine Reference Model [Cont.]

● Hardware is expressed in terms of the Instruction Set Architecture (ISA).

– ISA for processor, registers, memory and the interrupt management.
● Application Binary Interface (ABI) separates the OS layer from the
application and libraries which are managed by the OS.
– System Calls defined
– Allows portabilities of applications and libraries across OS.
 Machine Reference Model [Cont.]
● API – it interfaces applications to libraries
and/or the underlying OS.
● Layered approach simplifies the development
and implementation of computing system.
● ISA has been divided into two security classes:-
– Privileged Instructions
– Nonprivileged Instructions
 ISA: Security Classes
● Nonprivileged instructions
– That can be used without interfering with other
tasks because they do not access shared
resources. Ex. Arithmetic , floating & fixed point.
● Privileged instructions
– That are executed under specific restrictions and
are mostly used for sensitive operations, which
expose (behavior-sensitive) or modify (control-
sensitive) the privileged state.
● Behavior-sensitive – operate on the I/O
● Control-sensitive – alter the state of the CPU register.
 Privileged Hierarchy:
Security Ring
● Ring-0 is in most privileged level ,
used by the kernel.
● Ring-1 & 2 used by the OS-level
services
● and , R3 in the least privileged
level , used by the user.
● Recent system support two
levels :-
– Ring 0 – supervisor mode
– Ring 3 – user mode
 Hardware-level virtualization
● It is a virtualization technique that provides an
abstract execution environment in terms of
computer hardware on top of which a guest
OS can be run.
● It is also called as system virtualization.
Hardware-level virtualization
 Hypervisor
● Hypervisor runs above the supervisor mode.
● It runs in supervisor mode.
● It recreates a h/w environment.
● It is a piece of s/w that enables us to run one or
more VMs on a physical server(host).
● Two major types of hypervisor
– Type -I
– Type-II
 Type-I Hypervisor
● It runs directly on top of the hardware.
● Takes place of OS.
● Directly interact with the ISA exposed by the
underlying hardware.

● Also known as native virtual machine.

 Type-II Hypervisor
● It require the support of an
operating system to provide
virtualization services.
● Programs managed by the
OS.
● Emulate the ISA of virtual h/w.
● Also called hosted virtual
machine.
 Virtual Machine Manager (VMM)
● Main Modules :-
– Dispatcher
● Entry Point of VMM
● Reroutes the instructions issued by VM instance.
– Allocator
● Deciding the system resources to be provided to the VM.
● Invoked by dispatcher
– Interpreter
● Consists of interpreter routines
● Executed whenever a VM executes a privileged
instruction.
● Trap is triggered and the corresponding routine is
executed.
Virtual Machine Manager (VMM)
 Criteria of VMM*
● Equivalence – same behaviour as when it is
executed directly on the physical host.
● Resource control – it should be in complete
control of virtualized resources.
● Efficiency – a statistically dominant fraction of
the machine instructions should be executed
without intervention from the VMM

* criterias are established by Goldberg and Popek in 1974

 Theorems
● Popek and Goldberg provided a classification
of the instruction set and proposed three
theorems that define the properties that
hardware instructions need to satisfy in
order to efficiently support virtualization.
● Classification of IS-
– Privileged Instructions
● Trap if the processor is in user mode
– Control sensitive Instructions
– Behavior sensitive Instructions
 Theorems-1
● Theorems 1
– For any conventional third-generation computer, a
VMM may be constructed if the set of sensitive
instructions for that computer is a subset of the set
of privileged instructions.
 Theorems
● Theorems 2
– A conventional third-generation computers is
recursively virtualizable if:
● It is virtualizable and
● A VMM without any timing dependencies can be
constructed for it.
 Theorems
● Theorems 3
– A hybrid VMM may be constructed third-generation
machine in which the set of user-sensitive
instructions is a subset of the set of privileged
instructions.
– In HVM, more instructions are interpreted rather
than being executed directly.
 Hardware virtualization
Techniques
● CPU installed on the host is only one set, but
each VM that runs on the host requires their
own CPU.
● It means CPU needs to virtualized, done by
hypervisor.
 Hardware virtualization
Techniques [Cont.]

● Full virtualization
– Ability to run program (OS) directly on top of a
virtual machine and without any modification.
– VMM require complete emulation of the entire
underneath h/w
– Advantages
● Complete isolation
● Enhanced security
● Ease of emulation of different architectures and
coexistence
– Key challenge is interception of privileged
instructions
 Full Virtualization
● Hypervisor has Ring 0
authority
● and , guest OS has Ring 1
authority
● ISA of guest OS are
converted into ISA of host
using binary translation
process.
● Privileged instructions are
traped.
 Hardware virtualization
Techniques
● Hardware-assisted virtualization
– In this hardware provides architectural support for
building a VMM able to run a guest OS in complete
isolation.
– Intel VT and AMD V extensions.
– Early products were using binary translation to
trap some sensitive instructions and provide an
emulated version
 Hardware-assisted virtualization
● Additional Ring -1
● No binary translation of
privileged instructions
● Commands are are executed
directly to h/w via the
hypervisor
 Hardware virtualization
Techniques [Cont.]

● Paravirtualization
– Not-transparent virtualization
– Thin VMM
– Expose software interface to the virtual machine
that is slightly modified from the host.
– Guest OS need to be modified.
– Simply transfer the execution of instructions which
were hard to virtualized, directly to the host.
 Paravirtualization
● Privileged instructions of
guest OS is delivered to the
hypervisor by using
hypercalls
● Hypercalls handles these
instructions and accesses
the h/w and return the result.
● Guest has authority to
directly control of
resources.
 Hardware virtualization
Techniques [Cont.]

● Partial virtualization
– Partial emulation of the underlying hardware
– Not allow complete isolation to guest OS.
– Address space virtualization is a common feature of
comtemporary operating systems.
– Address space virtualization used in time-sharing
system.
 Operating system-level
virtualization
● It offers the opportunity to create different and
separated execution environments for
applications that are managed concurrently.
● No VMM or hypervisor
● Virtualization is in single OS
● OS kernel allows for multiple isolated user
space instances
● Good for server consolidation.
● Ex. chroot , Jails, OpenVZ etc.
 Programming language-level
virtualization
● It is mostly used to achieve ease of deployment of
application, managed execution and portability across
different platform and OS.
● It consists of a virtual machine executing the byte code
of a program, which is the result of the compilation
process.
● Produce a binary format representing the machine code
for an abstract architecture.
● Example
– Java platform – Java virtual machine (JVM)
– .NET provides Common Language Infrastructure (CLI)
● They are stack-based virtual machines
 Advantage of
programming/process-level VM
● Provide uniform execution environment across
different platforms.
● This simplifies the development and deployment
efforts.
● Allow more control over the execution of
programs.
● Security; by filtering the I/O operations
● Easy support for sandboxing
 Application-level virtualization
● It is a technique allowing applications to run in
runtime environments that do not natively
support all the features required by such
applications.
● In this, applications are not installed in the
expected runtime environment.
● This technique is most concerned with :-
– Partial file system
– Libraries
– Operating System component emulation
 Strategies for Implementation
Application-Level Virtualization
● Two techniques:-
– Interpretation -
● In this every source instruction is interpreted by an
emulator for executing native ISA instructions,
● Minimal start up cost but huge overhead.
– Binary translation -
● In this every source insruction is converted to native
instructions with equivalent functions.
● Block of instructions translated , cached and reused.
● Large overhead cost , but over time it is subject to
better performance.
Different from H/w Virtualization
● In h/w virtualization , it allows the execution of a
program compiled against a different h/w.
● In Application level emulation , complete h/w
environment.
● Ex:-
– Wine
– CrossOver
– and , many more
 Storage Virtualization
● It allows decoupling the physical organization of
the h/w from its logical representation.
● Using Network based virtualization known as
storage area network (SAN).
● SAN – Self Study
 Network Virtualization
● It combines h/w appliances and specific
software for the creation and management of a
virtual n/w.
● It can aggregate different physical networks
into a single logical network.
● VLAN – Self Study
 Virtualization and cloud
computing
● Plays an important role in cloud computing.
● Primarily used to offer configurable computing
environments and storage.
● H/w virtualization enabling solution in IaaS
● Programming language virtualization in PaaS.
● Virtualization provides :-
– Consolidating
– Isolation
– Controlled environments
 Pros & Cons of
Virtualization
● Disadvantages
– Performance degradation -
● As it interposes and abstraction layer between guest &
host.
– Inefficiency and degraded user experience -
● Some of specific features of the host is unexposed.
– Security holes and new threats
● Case 1 – emulating a host in a completely transparent
manner.
● Case 2 - H/w virtualization , malicious programs can
preload themselves before the OS and act as a thin
VMM.
?